Amazon third-party sellers targeted by attacks

Towards the start of April 2017 it came to light that hackers were targeting third-party sellers on Amazon.com. Using stolen credentials the hackers were posting fake deals on the site. Andy Heather, Vice President and General Manager of EMEA at Centrify, has recently commented on the attacks.

“The news that hackers are targeting third-party sellers on Amazon.com, and using stolen credentials to post fake deals is no real surprise. Compromised credentials are often the root cause of many major breaches, as hackers target networks through trusted third-party suppliers and contractors who likely have less rigorous security than the ultimate target.

Proper security procedures and due diligence should be applied right across the supply chain, and not remain entirely with Amazon. This certainly won’t be the last time we see third parties being hacked – organisations need to up the security stakes with multi-factor authentication, which requires more than one method of authentication to verify the user’s identity for a login or other transaction, in order to stop the use of stolen credentials.

Amazon and those third party targets should be advising affected customers to, at the very least, change their passwords – especially if using the same one on different websites – to protect themselves against any repercussions. Monitoring for any suspicious activity on bank accounts, and being wary of phishing mails would also put them in good stead.”